suricata
Data Structures | Macros | Typedefs | Functions
detect-ssh-proto-version.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  DetectSshVersionData_
 

Macros

#define SSH_FLAG_PROTOVERSION_2_COMPAT   0x01
 

Typedefs

typedef struct DetectSshVersionData_ DetectSshVersionData
 

Functions

void DetectSshVersionRegister (void)
 Registration function for keyword: ssh.protoversion. More...
 

Detailed Description

Author
Pablo Rincon pablo.nosp@m..rin.nosp@m.con.c.nosp@m.resp.nosp@m.o@gma.nosp@m.il.c.nosp@m.om

Definition in file detect-ssh-proto-version.h.

Macro Definition Documentation

#define SSH_FLAG_PROTOVERSION_2_COMPAT   0x01

proto version 1.99 is considered proto version 2

Definition at line 28 of file detect-ssh-proto-version.h.

Referenced by DetectSshVersionRegister().

Typedef Documentation

typedef struct DetectSshVersionData_ DetectSshVersionData

Function Documentation

void DetectSshVersionRegister ( void  )

Registration function for keyword: ssh.protoversion.

Definition at line 76 of file detect-ssh-proto-version.c.

References Flow_::alproto, ALPROTO_SSH, Flow_::alstate, SigTableElmt_::alternative, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), SigTableElmt_::AppLayerTxMatch, SshState_::cli_hdr, SigMatch_::ctx, DE_QUIET, SigTableElmt_::desc, DETECT_AL_SSH_PROTOCOL, DETECT_AL_SSH_PROTOVERSION, DetectBufferTypeRegister(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DetectSetupParseRegexes(), DetectSignatureSetAppProto(), DOC_URL, DOC_VERSION, FAIL_IF, FAIL_IF_NULL, DetectSshVersionData_::flags, SshHeader_::flags, flags, Packet_::flags, DetectEngineCtx_::flags, SigTableElmt_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOSERVER, Packet_::flowflags, FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, SigTableElmt_::Free, DetectSshVersionData_::len, m, MAX_SUBSTRINGS, SigTableElmt_::name, PacketAlertCheck(), PARSE_REGEX, PASS, PKT_HAS_FLOW, PKT_STREAM_EST, Flow_::proto, SshHeader_::proto_version, Flow_::protoctx, SigTableElmt_::RegisterTests, res, SC_ERR_PCRE_GET_SUBSTRING, SC_ERR_PCRE_MATCH, SCEnter, SCFree, SCLogDebug, SCLogError, SCMalloc, SCReturnInt, SCStrdup, SigTableElmt_::Setup, DetectEngineCtx_::sig_list, SigCleanSignatures(), SigGroupBuild(), SigGroupCleanup(), SigInit(), SIGMATCH_INFO_DEPRECATED, SIGMATCH_QUOTES_OPTIONAL, sigmatch_table, SigMatchAlloc(), SigMatchAppendSMToList(), SigMatchSignatures(), SshState_::srv_hdr, SSH_FLAG_PROTOVERSION_2_COMPAT, SSH_FLAG_VERSION_PARSED, str, STREAM_TOCLIENT, STREAM_TOSERVER, StreamTcpFreeConfig(), StreamTcpInitConfig(), TRUE, SigMatch_::type, unlikely, SigTableElmt_::url, UTHBuildPacket(), UTHFreePackets(), UtRegisterTest(), and DetectSshVersionData_::ver.

Referenced by SigTableSetup().

Here is the call graph for this function:

Here is the caller graph for this function: